Many years ago, business owners and analysts were introduced to the term ‘big data.’ As expected, it caught the attention of entrepreneurs who sought to improve their businesses with this new concept. Analysts and researchers found ways to collect and manage big data with a view to giving businesses more leverage in competitive markets. Before long, the value of big data was apparent to everyone, especially businesses in the e-commerce industry. While it was being used in productive ways to grow businesses, big data became so valuable that it was also the target of hackers and cybercriminals who sought to use it to achieve illegal goals.
The improvement of businesses with technology in recent times tends to introduce higher levels of transparency which could compromise privacy. Currently, regulatory agencies in various countries are brainstorming ways to protect the privacy of individuals even with the use of new technology. In Europe, this challenge has been addressed by the EU. The General Data Protection Regulation (GDPR) has been constituted as a regulation to protect public privacy.
GDPR is scheduled to be launched in May 2018. Meanwhile, it has caused a lot of debate among analysts in the European commercial sector. The statutes contained in the GDPR will be binding on retail businesses in the European Union, and it projects stringent regulations that must be obeyed. It is important that all business owners understand the statutes of the GDPR to avoid penalties which could reach as high as 4% of the indicted company’s annual global turnover; it is however capped at €20M. Other countries will be closely watching to see how GDPR will increase the management of data and the related privacy laws. The successful implementation of GDPR will lead to the development of similar models in other countries globally.
An Overview of GDPR
In the EU, efforts to achieve individual data protection were previously supported by the Data Protection Directive which was established in 1995. This directive will be replaced by the more influential GDPR which is backed by the law.
The GDPR is a large document that was written by many authorities and legal representatives over two years. However, the scope of this document can be narrowed down to five essential regulations which will be enforced. With this development, it is easier for both retail companies and consumers to quickly understand the new regulations and how they affect both parties.
Important Note: This is to confirm that the content in this paper is a personal interpretation and overview of the essential aspects of the GDPR. The content in this paper should never be assumed to be legal advice. Businesses operating in the EU are strongly advised to carry out a critical analysis of the regulation by following the link below, and particular questions regarding compliance should be directed to a competent lawyer.
It is imperative that consent is received from all data subjects before data collection is done
In accordance with the GDPR, it is essential that consumer consent is ‘clear and distinguishable.’ From this definition, two ideas can be inferred: (1) the consumer (also referred to as the data subject) must be provided with an option to agree or refuse any data collection, and (2) every company data collection policy must be presented in ‘an intelligible and accessible form.’ In simple terms, the content of collection policies must be written in plain language, free of dense and confusing legal terms. It is now considered illegal to place the description of how consumer data will be used within the fine print of a company’s legal policy, where it is difficult for consumers to locate and read.
Companies can comply with this part of the regulation by reviewing these two important practices:
- Customers must be provided an option to accept or decline an invitation to join your mailing list or confirm the receipt of other marketing materials. The common practice was to automatically add customers’ email addresses to the company’s mailing list; the customer would then have an option to opt out if they wished. This practice is no longer legal in the EU. Now, customers must give consent before their email is included in a company’s mailing list.
All Data subjects should be informed of their right to access their data
This regulation includes two important implications that should be fully understood:
- Customers must be permitted to request the entire data log that has been collected about them, which must be delivered in a digital format without any charges. This request can be made at any time, and the response should be prompt.
- The customer must also be provided with a description of how their data has been used by the company. In this regard, some complications can arise due to the activities of third-party services. It is mandatory that the retail company has a full understanding of how third-party partners use customers’ data, so that it can present an accurate description to customers as soon as they request this information. More information regarding third-party services is given later in this article.
All Data Subjects must have the Right to Demand that Their Data be Completely Erased
Under the new regulation, every customer has a right to demand that their data be entirely erased from your database. And it is imperative that you comply with this request. By using this privilege, information regarding this customer will be removed from the company’s system, and this includes customer data that has been accessed by third-party services through your platform.
All Data Subjects Have the Right to Data Portability
The customer can request that copies of their data be sent to other parties such as companies or lawyers. In this regard, retail companies can benefit from some protection. In the GDPR regulations, this provision is described as ‘technically feasible and available.’ However, retail companies can raise disputes regarding particularly difficult requests in this regard.
All Data Subjects Have the Right to Rectification
The customer has a right to request changes and modifications to any area of their data which is reported to be inaccurate. It is expected that these changes should be made promptly. This is also beneficial to retail companies, because the use of accurate customer information will improve the outcome of their marketing strategies.
Third Party Services and Data
This is an area of the GDPR which may be quite challenging for retail companies regarding compliance. The value of data depends on how it is used. Generally, many retail companies rely on third-party services for data collection and management. However, third-party services employ a variety of extensions and processes such as A/B testing, target marketing, demographic profiling, geographic data, customer lifetime purchasing cycle information, etc. to process customers’ data. This means retail companies in partnership with many third-party service providers must understand the various ways each third-party service uses customer data. The GDPR regulations specify that this information must be made available to every customer upon request. And should customers decide that their data be erased from the retail company’s database, this information must also be completely removed from the systems of all the third-party service providers. This can be a very hectic process for retail companies.
Start Making Plans to Comply with GDPR Now
Compliance is inevitable, although it will complicate a majority of business operations. However, due to the increasing demand for transparency and security from customers, regulations such as the GDPR will eventually become a normal feature in the business industry. The smart move for retail companies is to start planning now. Plans should be made to implement strategies for data management that comply with GDPR. Business owners should create strategies to integrate training, documentation, audit, and monitoring processes to give their businesses an edge in the markets despite the new EU regulations.
Overall, the GDPR has been developed for a good cause. It will increase the security and protection of citizens’ rights in the EU, and similar models will be implemented globally. Adherence to these regulations will have a positive impact on businesses. Customer loyalty will be increased, and there will be more transparent communication between retail companies and third-party service providers, further preventing customer data from being abused.